| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 02 Jul 2008 09:22:59 +0200
From: Miklos Szeredi <miklos@...redi.hu>
To: jmorris@...ei.org
CC: miklos@...redi.hu, jjohansen@...e.de, akpm@...ux-foundation.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, serue@...ibm.com, morgan@...nel.org
Subject: Re: [patch] security: fix dummy xattr functions
On Wed, 2 Jul 2008, James Morris wrote:
> On Tue, 1 Jul 2008, Miklos Szeredi wrote:
>
> > Hi James,
> >
> > If this (untested) patch looks OK, could you please apply it to your
> > tree?
>
> As I understand it, filesystem capabilities is only enabled when either
> LSM is disabled, or the LSM capabilities module is built.
>
> In both cases, security/commoncap.o is built. With LSM disabled, the
> correct cap_inode_xxx functions will be linked. With LSM+capabilities,
> either the capability LSM will be loaded, or another LSM will need to
> deliberately stack it.
>
> So, I think the existing code is correct.
So where do the dummy_ functions figure into this? As I understand,
they are called whenever LSM is disabled, but the LSM doesn't define a
particular hook, so there's a default implementation. Is that correct?
If so, then in theory it is still theoretically possible that with
LSM+capabilities, the LSM doesn't explicitly stack inode_setxattr and
inode_removexattr, and so the dummy implementation should do that
instead. What am I missing?
Thanks,
Miklos
>
> >
> > Replace open coded xattr checks with cap_inode_xxx() function calls in
> > dummy_inode_setxattr() and dummy_inode_removexattr(). The old ones
> > were out of sync with the cap_inode_xxx() implementation, which could
> > even be a security problem.
> >
> > Noticed by John Johansen.
> >
> > CC: John Johansen <jjohansen@...e.de>
> > Signed-off-by: Miklos Szeredi <mszeredi@...e.cz>
> > ---
> > security/dummy.c | 12 ++----------
> > 1 file changed, 2 insertions(+), 10 deletions(-)
> >
> > Index: linux-2.6/security/dummy.c
> > ===================================================================
> > --- linux-2.6.orig/security/dummy.c 2008-07-01 21:44:03.000000000 +0200
> > +++ linux-2.6/security/dummy.c 2008-07-01 21:51:08.000000000 +0200
> > @@ -370,11 +370,7 @@ static void dummy_inode_delete (struct i
> > static int dummy_inode_setxattr (struct dentry *dentry, const char *name,
> > const void *value, size_t size, int flags)
> > {
> > - if (!strncmp(name, XATTR_SECURITY_PREFIX,
> > - sizeof(XATTR_SECURITY_PREFIX) - 1) &&
> > - !capable(CAP_SYS_ADMIN))
> > - return -EPERM;
> > - return 0;
> > + return cap_inode_setxattr(dentry, name, value, size, flags);
> > }
> >
> > static void dummy_inode_post_setxattr (struct dentry *dentry, const char *name,
> > @@ -395,11 +391,7 @@ static int dummy_inode_listxattr (struct
> >
> > static int dummy_inode_removexattr (struct dentry *dentry, const char *name)
> > {
> > - if (!strncmp(name, XATTR_SECURITY_PREFIX,
> > - sizeof(XATTR_SECURITY_PREFIX) - 1) &&
> > - !capable(CAP_SYS_ADMIN))
> > - return -EPERM;
> > - return 0;
> > + return cap_inode_removexattr(dentry, name);
> > }
> >
> > static int dummy_inode_need_killpriv(struct dentry *dentry)
> >
>
> --
> James Morris
> <jmorris@...ei.org>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists